Re: [Crypt::SSLeay] proxy with https

Mon, 08 Oct 2001 19:29:18 -0700 

Namsuk kim wrote:
> ...
> Now, I have new problem that I didn't have before.  First, the
> environment values for userid and passwd are not read and passed to the
> proxy.  The other problem is that it seems CA repository information is
> not also read.  Looks like I'm missing some components here.  if I use
> "proxy_authorization_basic("********", "********");", proxy
> authentication goes through.  But, it will bomb out at CA verification
> part giving me error like below.
> ...

I have comments about your code below which may help.
The gist I got from your mail was that you didn't care if 
you got a CA verification error, you just wanted to get 
through to the site via the proxy.

>  Following is the part of the code.
> 
> -------------------------------------------------------------------------------------
> 
> # PROXY SUPPORT
> $ENV{HTTPS_PROXY} = 'http://proxy:8080';
> 
good

> # PROXY_BASIC_AUTH
> $ENV{HTTPS_PROXY_USERNAME} = '*******';
> $ENV{HTTPS_PROXY_PASSWORD} = '*******';
> 
good

> # DEFAULT SSL VERSION
> $ENV{HTTPS_VERSION} = '3';
> 
I don't think you need this.  Comment it out until
you know that you do.

> # CLIENT CERT SUPPORT
> $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
> $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
> 
You probably don't want to set these client certs as they 
may just cause errors on the other end unless valid.

> # CA CERT PEER VERIFICATION
> $ENV{HTTPS_CA_FILE}   = 'certs/ca.crt';
> $ENV{HTTPS_CA_DIR}    = 'certs/';
> 
You probably don't want to set this since you want to 
ignore CA verification errors, right?  This will
create an error if verification fails.

> $ua->env_proxy();
You don't need this with Crypt::SSLeay.  In fact it 
may cause problems.

> 
> my $req = new HTTP::Request('GET', 'https://www.optisvalue.com/');
>
good.

> #$req->proxy_authorization_basic("********", "********");
> $req->authorization_basic('share', 'share');
> 
Don't set authorization_basic for the proxy here, only for the 
web page on the other side if necessary.

Also, you can set

  $ENV{HTTPS_DEBUG} = 1;

for Crypt::SSLeay debug output to work through this issue.

If you want further help on this, you might want to take
this offline with me, and get me the URL that you are
trying to connect to, so I can see if I can get to it
over a local proxy setup.

--Josh
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to